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-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to communication(s) filed on 25 September 2002 . 
2a)D This action is FINAL. 2b)E3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) ^ Claim(s) 1-26 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) K Claim (s) 1-26 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
1 1 )□ The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a>n All b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 
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DETAILED ACTION 
Response to Amendment 

1 . This action is in response to the appeal brief filed 25 September 2002. 

Response to Arguments 

2. In view of the appeal brief filed on 25 September 2002, PROSECUTION IS 
HEREBY REOPENED. New grounds of rejection are set forth below. 

To avoid abandonment of the application, appellant must exercise one of the 
following two options: 

(1 ) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply 
under 37 CFR 1.113 (if this Office action is final); or, 

(2) request reinstatement of the appeal. 

If reinstatement of the appeal is requested, such request must be accompanied 
by a supplemental appeal brief, but no new amendments, affidavits (37 CFR 1.130, 
1 .131 or 1 .132) or other evidence are permitted. See 37 CFR 1 .193(b)(2). 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

4. Claims 1, 6, and 8 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Claus etal. (5120939). 
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Figure 1 shows a second computer (element 500) receiving a request for 
identification (step 3) from a first computer (element 700). ID n is retrieved from memory 
(550) and sent to the first computer. A cryptogram of ID n (S n ) is further encrypted with a 
key shared with the first computer (see figure 2) by element 563. In step 4 the 
encrypted (or hashed) identifier is returned to the first computer. S n uniquely identifies 
the second computer because it is systematically derived from a value unique to 
element 500 (see lines 1 1-15 of column 5). A smart card is a computer because it 
comprises a processor and memory (see lines 33-34 of column 2). See also Claus et 
al.'s abstract. 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 2, 3, 7, and 21-24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Claus et al. in view of Lee et al. (5774544). 

Claus et al. show a computer authenticating itself by supplying an encrypted 
version of a unique identifier to an authenticating computer. They do not say that the 
unique identifier is a microprocessor number. In lines 12-23 of the first column, Lee et 
al. say that using serial numbers identifying microprocessors allows for better tracking of 
a hardware component. Therefore it would have been obvious to a person of ordinary 
skill in the art at the time the invention was made to use microprocessor numbers, as 
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taught by Lee et al., for the unique identifier in Claus et al. in order to improve control of 
Claus et al.'s smart cards. 

7. Claim 4, 5, and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Claus et al. 

Claus et al. show a computer authenticating itself by supplying an encrypted 
version of a unique identifier to an authenticating computer. The only information 
shared by both the first and second computers is E 2 , which includes a key. The origin 
of E 2 is vague, but generally it is said to have been programmed into the smart card 
during manufacture. The challenge number generator used in Claus et al. is capable of 
producing truly random numbers and can thus be used to generate encryption keys. 
With respect to claims 4 and 9, Claus et al. do not state that the key used to encrypt the 
identifier is received from the authenticating computer. Official notice is taken that it is 
old and well-known to minimize the number of parties who have access to secret keys, 
such as those used in E 2 in Claus et al. Therefore it would have been obvious to a 
person of ordinary skill in the art at the time the invention was made for the 
authenticating entity in Claus et al. to generate the key used in E 2 and send it to the 
smart card, thereby increasing security by keeping the parties privy to the key to a 
minimum. 

With respect to claim 5, figure 6 in Claus et al. shows a networked environment, 
in which the two computers communicate via a public switched network. 
Communications over public networks render obvious web site addresses. As 
mentioned above, the only information that the two computers share is E 2 . Claus et al. 
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do not say that the key indicates an address of a web site. However, as the key (with its 
associated, generic algorithm) is the only shared piece of information, the web site 
address is necessarily indicated by the key. In other words, the one-to-one 
correspondence of the key to the host computer (element 600), mandates that the key 
is indicative of the web-site address. 

8. Claims 10, 11, 13, 14, 25, and 26 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Zdepski et al. (5825884) in view of Schneier {Applied Cryptography) 
and Lee et al. 

In lines 64-67 of column 4, Zdepski et al. talk about encrypting a platform's 
identifier with a recipient's public key. In the following column, this cryptogram is sent to 
the recipient. They do not say that any steps are taken to ensure that the public key is 
authentic or that the identifier uniquely identifies the platform. On pages 185-186, 
Schneier teaches certificates as a means to "thwart attempts to substitute one key for 
another". This is a type of verification. Therefore it would have been obvious to a 
person of ordinary skill in the art at the time the invention was made to verify the public 
key used in Zdepski et al. to avoid undesired key swaps as taught by Schneier. 

In lines 12-23 of the first column, Lee et al. say that using serial numbers 
identifying microprocessors allows for better tracking of a hardware component. 
Therefore it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to use microprocessor numbers, as taught by Lee et al., for the 
unique identifier in Zdepski et al. in order to improve control of Zdepski et al.'s platforms. 
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9. Claims 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Schneier, Zdepski et al., and Lee et al. as applied to claims 1 and 1 1 above, and further 
in view of Linehan (6327578). 

Zdepski et al., Lee et al., and Schneier show sending identifiers encrypted with a 
recipient's verified public key. They do not say that the key indicates an URL address. 
In lines 14-20 of column 5, Linehan teaches including an URL in a certificate. Thus the 
public key would indicate an URL address. Therefore it would have been obvious to a 
person of ordinary skill in the art at the time the invention was made to follow Linehan's 
example and include an URL address in the certificate of Schneier associated with the 
public key in Zdepski et al. This ties the key to a specific entity. 

10. Claims 15, 16, and 18-20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Claus et al. and Schneier. 

Claus et al. show a computer authenticating itself by supplying an encrypted 
version of a unique identifier to an authenticating computer. They specifically teach 
encrypting with DES, but say, in lines 8-12 of column 8, that other enciphering 
computations could be used. They do not say that the encryption is a keyed hash. At 
the bottom of page 458, Schneier discloses keyed hashes with differing presumed 
security levels. In the simplest embodiment, the keyed hash is H(K, M). Keyed hashes 
curtail the ability of a malicious party to uncover the original K and M from the hash. 
Therefore it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to use the keyed hashes taught by Schneier as the enciphering 
computation in Claus et al., thereby combating unwanted disclosure of the identifier and 
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the key. As is apparent from the equation H(K, M), K and M are interchangeable. Thus, 
Claus et al.'s key is encrypted with the identifier, as per claim 15. For security reasons, 
the hash algorithm H would be assumed to be collision-resistant, non-commutative, and 
one-way. 

1 1 . Claim 1 7 is rejected under 35 U.S.C. 1 03(a) as being unpatentable over Claus et 
al. and Schneier as applied to claim 15 above, and further in view of Lee et al. 

Claus et al. and Schneier show a computer authenticating itself by supplying a 
key encrypted with an unique identifier to an authenticating computer. They do not say 
that the unique identifier is a microprocessor number. In lines 12-23 of the first column, 
Lee et al. say that using serial numbers identifying microprocessors allows for better 
tracking of a hardware component. Therefore it would have been obvious to a person 
of ordinary skill in the art at the time the invention was made to use microprocessor 
numbers, as taught by Lee et al., for the unique identifier in Claus et al. in order to 
improve control over Claus et al.'s smart cards. 

Conclusion 

12. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Lee et al. (5790663 and 5933620) and Ryan et al. (5805701 - 
see, for example, abstract). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Douglas J. Meislahn whose telephone number is (703) 
305-1338. The examiner can normally be reached on between 9 AM and 6 PM, 
Monday through Thursday. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (703) 305-1830. The fax phone 
numbers for the organization where this application or proceeding is assigned are (703) 
746-7239 for regular communications and (703) 746-7238 for After Final 
communications. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 
3900. 




Douglas J. Meislahn 

Examiner 

Art Unit 2132 
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December 15, 2002 
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